ossec-authd¶
The ossec-authd program can automatically add an agent to a Wazuh manager and provide the key to the agent. The agent-auth application is the client application used with ossec-authd. ossec-authd creates an agent with an IP address of “any” instead of using a specifig IP address.
Warning
By default, there is no authentication or authorization involved in this transaction, so it is recommended that this daemon only be run when a new agent is being added.
| -V | Version and license message. | |
| -h | This help message. | |
| -d | Debug mode. Use this parameter multiple times to increase the debug level. | |
| -t | Test configuration. | |
| -f | Run in foreground. | |
| -i | Use client’s source IP address instead of any. | |
| -F <time> | Remove old agent with same name or IP if its keepalive has more than the specified number of seconds. | |
| -F no | Disable force insertion. | |
| -r | Do not keep removed agents (delete). | |
| -g <group> | Group to run as. | |
| Default | ossec | |
| -D <dir> | Directory to chroot into. | |
| Default | /var/ossec | |
| -p <port> | Manager port. | |
| Default | 1515 | |
| -P | Enable shared password authentication, at /var/ossec/etc/authd.pass or random. | |
| -c <ciphers> | SSL cipher list. The format of this parameter is described in SSL ciphers. | |
| Default | HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH | |
| -v <path> | Full path to CA certificate used to verify clients. | |
| -s | Used with -v, enable source host verification. | |
| -x <path> | Full path to server certificate. | |
| Default | /var/ossec/etc/sslmanager.cert. | |
| -k <path> | Full path to server key. | |
| Default | /var/ossec/etc/sslmanager.key. | |
| -a | Auto negotiate the most secure common SSL/TLS method with the client. | |
| Default | TLS v1.2 only (if supported by the server). | |
| -L | Force insertion even though agent limit has been reached. | |